What's new in GitLab

Stay updated with our latest features and improvements.

What's new in GitLab 18.1

Jun 24, 2025
Past release

Maven virtual registry, SLSA compliance components, enhanced code review, compromised password detection, and foundational platform improvements.

Building the foundation for AI-enhanced DevOps

With GitLab 18.1, we are setting the groundwork for modernized software development where dependency management, security, and compliance become intelligent, automated capabilities that scale with your organization.

Read CEO's blog

Maven Virtual Registry (Beta): Centralizing Enterprise Dependency Management

Manage

Deploy

Operate

The Maven registry combines multiple repositories into one endpoint, eliminates sequential queries, and reduces setup complexity so developers can focus on coding instead of managing repositories:

  • Intelligent caching accelerates build times to enable teams to iterate and ship faster.

  • Real-time security scanning across all dependencies provides continuous vulnerability detection without manual checks.

  • Enterprise scale supports 20 virtual registries with 20 upstreams each to accommodate for large organizations' complex needs.

SLSA Level 1 Compliance: Automate supply chain security

Secure

Deploy

Analyze

New pre-built CI/CD components deliver immediate SLSA compliance for software supply chain security without custom development:

  • Automatic provenance generation by GitLab Runner creates SLSA-compliant attestation which eliminates manual compliance steps.

  • Cryptographic signing and verification ensures artifact integrity to provide auditable proof of secure builds.

  • Verification Summary Attestations (VSA) for job artifacts enable compliance reporting with minimal maintenance.

Compromised password detection: Proactive credential protection

Manage

Secure

Automatic credential checking against breaches help prevent account compromise:

  • Zero-configuration deployment provides immediate protection without setup.

  • Real-time threat detection checks credentials against known compromised password databases instantly to enable immediate response to emerging threats.

  • Instant security alerts notify users via banner and email when credentials are at risk with clear remediation steps when action is needed.

Enhanced compliance controls: Streamlined governance

Manage

Secure

Analyze

Strengthened compliance capabilities help organizations manage regulatory standards at scale:

  • Custom control naming enables clear identification to help compliance teams organize external controls effectively.

  • Pagination for framework UI compliance requirements expanded to 50 to improve navigation for large frameworks.

  • Granular status reporting shows individual control details to provide actionable compliance insights.

  • Variable precedence controls balance security with flexibility to enable customization within policy boundaries.

Duo Code Review (GA): AI-powered code quality at scale

Code

Analyze

AI

Production-ready automated code review addresses bottlenecks in software development workflows while maintaining quality standards:

  • Initial automated code review reduces review cycles from hours to minutes to help developers merge code faster.

  • Interactive refinement with @GitLabDuo mentions provides direct feedback to address specific code concerns.

  • Context-aware analysis leverages project understanding to deliver relevant, project-specific recommendations.